Privacy Policy

BrewOrigin Inc. ("BrewOrigin," "we," "us," or "our") operates the website breworigin.one and maintains an editorial research studio at 3625 Boulevard Saint-Laurent Suite 520, Montreal, Quebec H2X 2V4, Canada. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Quebec privacy legislation.

1. Accountability

BrewOrigin Inc. is responsible for personal information under our control. We have designated a privacy contact who oversees compliance with this policy and responds to access requests. You may reach our privacy office at [email protected] or by mail at the address above. Our Business Number is BN 840123456QC0001.

We train staff and contractors who handle personal information on confidentiality obligations and limit access to those who require data to perform their duties. Third-party service providers that process data on our behalf are bound by written agreements requiring comparable protection standards.

2. Identifying purposes

We collect personal information only for purposes that a reasonable person would consider appropriate in the circumstances. Primary purposes include:

• Responding to contact form submissions, origin notes enquiries, cupping sheet requests, farm story collaboration proposals, and general inquiries;
• Scheduling studio visits, origin briefings, and editorial collaboration sessions;
• Delivering contracted services such as cupping documentation, seasonal updates, and co-branded editorial content;
• Processing cookie consent preferences and maintaining site functionality;
• Measuring aggregated website traffic when analytics cookies are accepted;
• Complying with legal obligations, including tax and corporate record-keeping requirements;
• Protecting against fraud, abuse, and security incidents affecting our systems or users.

We will identify the purpose of collection at or before the time information is collected. If we intend to use your information for a new purpose not previously identified, we will obtain your consent unless the new purpose is permitted or required by law.

3. Consent

Your knowledge and consent are required for the collection, use, or disclosure of personal information, except where inappropriate or where the law permits or requires otherwise. When you submit our contact form, you must check the PIPEDA consent box confirming that you have read this Privacy Policy and agree to our collection and processing of the data you provide.

Consent may be express or implied depending on the sensitivity of the information and your reasonable expectations. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may limit our ability to provide services you have requested. To withdraw consent, contact [email protected] with the subject line "Privacy — consent withdrawal."

4. Limiting collection

We limit collection of personal information to what is necessary for the identified purposes. Contact form fields include name, email address, subject selection, and message content — all required to respond meaningfully to your enquiry. We do not collect government-issued identification numbers, financial account details, or health information through the public website.

Our contact form includes a honeypot field hidden from human users to deter automated spam submissions. Bots that populate this field are silently redirected without processing personal data.

5. Limiting use, disclosure, and retention

We do not use or disclose personal information for purposes other than those for which it was collected, except with your consent or as required by law. Internal access is restricted to editorial and administrative personnel who need the information to fulfil your request or maintain business records.

We may disclose personal information to:

• Email and hosting infrastructure providers operating under confidentiality agreements;
• Professional advisors (legal, accounting) when necessary for compliance or dispute resolution;
• Law enforcement or regulatory bodies when compelled by valid legal process;
• Producer partners involved in farm story collaboration, but only with your explicit approval for each disclosure.

We do not sell personal information. We do not share contact details with unrelated third parties for their marketing purposes.

Contact form submissions and related correspondence are retained for up to seven years to support service continuity, dispute resolution, and legal compliance, after which records are securely deleted or anonymised. Cookie consent records are retained for the duration of the consent period plus six months.

6. Accuracy

We endeavour to keep personal information as accurate, complete, and up-to-date as necessary for the identified purposes. If you believe information we hold about you is inaccurate or incomplete, please contact us and we will amend the record promptly where appropriate.

7. Safeguards

We protect personal information with security safeguards appropriate to the sensitivity of the data. Measures include access controls on studio systems, encrypted transport (HTTPS) for website communications, password-protected email accounts, and physical security at our Saint-Laurent office.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any credentials associated with services we provide directly to you.

8. Openness

We make information about our privacy policies and practices readily available on breworigin.one. This policy is linked from our contact form, cookie banner, and site footer. Questions about our privacy practices may be directed to [email protected] or +1 (514) 555-9386 during studio hours (Mon–Fri 09:00–17:00 ET).

9. Individual access

Upon written request, we will inform you of the existence, use, and disclosure of your personal information and provide access to that information, subject to limited exceptions permitted by law (for example, where disclosure would reveal confidential commercial information or affect another individual's privacy).

We will respond to access requests within thirty days unless an extension is permitted. If we deny access, we will explain the reason and outline available complaint options. You may challenge the accuracy of information we hold and have it amended as appropriate.

10. Challenging compliance

You may challenge our compliance with these privacy principles by contacting our privacy office. We will investigate all complaints and respond with our findings and proposed remediation. If you remain unsatisfied, you may contact the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec, as applicable.

11. Website analytics and cookies

When you accept analytics cookies through our consent banner, we may collect aggregated usage data such as pages visited, session duration, referral source, and device type. This information does not directly identify you unless combined with other data. See our Cookie Policy for detailed descriptions of each cookie category and instructions for managing preferences.

Essential cookies required for site security and consent storage may operate regardless of analytics preferences, as they are necessary to provide the service you request.

12. International transfers

Our primary systems are located in Canada. If we transfer personal information to service providers outside Canada, we assess the recipient's privacy framework and implement contractual protections consistent with PIPEDA requirements. By submitting information through our website, you acknowledge that limited processing may occur in jurisdictions where providers maintain infrastructure.

13. Children's privacy

Our services are directed to coffee industry professionals and are not intended for individuals under sixteen years of age. We do not knowingly collect personal information from children. If you believe a child has submitted data through our contact form, please notify us and we will delete the information promptly.

14. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. The effective date at the top of this page indicates the current version. Material changes will be noted on breworigin.one. Continued use of the website after an update constitutes acceptance of the revised policy for non-sensitive processing where consent is not otherwise required.

Previous versions are archived internally at our Montreal studio. You may request a summary of material changes made since your last enquiry by emailing [email protected] with the subject line "Privacy — policy history."

Where Quebec's Act respecting the protection of personal information in the private sector imposes additional requirements beyond PIPEDA, BrewOrigin complies with the stricter standard applicable to our Montreal operations and Quebec-resident data subjects.

15. Data breach notification

In the unlikely event of a security incident that creates a real risk of significant harm to individuals, we will notify affected persons and relevant authorities as required by PIPEDA and Quebec law. Notifications will describe the nature of the incident, categories of information involved, steps we have taken to mitigate harm, and contact information for further questions. We maintain an internal incident response checklist at our Saint-Laurent studio and review it annually.

If you suspect unauthorised access to information you submitted through breworigin.one, contact [email protected] immediately with the subject line "Privacy — security concern" so we can investigate and take remedial action.

16. Contact information

BrewOrigin Inc.
3625 Boulevard Saint-Laurent Suite 520
Montreal QC H2X 2V4, Canada
Email: [email protected]
Phone: +1 (514) 555-9386
BN: 840123456QC0001

© 2026 BrewOrigin Inc. All rights reserved.